Confluence Data Center
CONFSERVER-31012

Reflected cross-site scripting (XSS) in dosearchsite action


Details

Description

The dosearchsite action is vulnerable to reflected cross-site scripting (XSS) via the searchQuery.spaceKey parameter. This vulnerability appears to be very similar to issue CONF-30318, and the fixes implemented in response to that issue may also fix this vulnerability.

If the URL below is visited by an authenticated user of Confluence, the embedded script executes in the context of that user:

http://confluenceserver:8090/dosearchsite.action?searchQuery.queryString=test&searchQuery.spaceKey=%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E

It should be noted that this is a non-trivial example of XSS: the page returned from this URL contains the embedded script HTML-encoded, as the value of an input tag inside a div of class "filter-wrapper space-filter", so the raw response itself does not execute it. The XSS is triggered when that div is processed by the JavaScript associated with the page, which reads the (decoded) value and reinserts it into the document.
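As an added example that is not part of this issue or of Atlassian's code, the following Node.js script models the two-stage behaviour the description refers to: the server HTML-encodes the parameter into the input's value attribute, the DOM decodes it again when page script reads the value, and an innerHTML-style sink re-interprets the decoded text as markup unless it is encoded a second time. Function names and the exact rendering of the div are assumptions, and the sample space key is a constructed, harmless tag.

```javascript
// Added example (not Atlassian's code): models the encode-then-decode pattern from
// this issue in plain Node.js so it runs without a browser. Names are hypothetical.

// Minimal HTML entity encoder/decoder standing in for what the server template
// does when it writes the input value, and what the browser does when script
// later reads element.value (the DOM hands back the decoded text).
const ENC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const DEC = { amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" };
function htmlEncode(s) { return s.replace(/[&<>"']/g, c => ENC[c]); }
function htmlDecode(s) { return s.replace(/&(amp|lt|gt|quot|#39);/g, (_, e) => DEC[e]); }

// Stage 1 (server): the space key is written, correctly encoded, into the
// filter-wrapper div. Inspecting the raw HTML shows no executable markup.
function renderSpaceFilter(spaceKey) {
  return '<div class="filter-wrapper space-filter">' +
    `<input name="searchQuery.spaceKey" value="${htmlEncode(spaceKey)}"></div>`;
}

// Simulates reading the value attribute the way the DOM does: entities decoded.
function readInputValue(html) {
  const m = /value="([^"]*)"/.exec(html);
  return m ? htmlDecode(m[1]) : '';
}

// Stage 2 (client), vulnerable form: the decoded value is concatenated into
// markup destined for innerHTML, so the server-side encoding is undone.
function buildFilterLabelUnsafe(value) {
  return `<span class="space-name">${value}</span>`;
}

// Hardened form: encode again at the sink (or use textContent in a real page),
// so the value is always treated as text, never as markup.
function buildFilterLabelSafe(value) {
  return `<span class="space-name">${htmlEncode(value)}</span>`;
}

// Constructed sample: a harmless tag stands in for an attacker-controlled key.
const SAMPLE_KEY = '<b>not-a-space</b>';
function demo(key = SAMPLE_KEY) {
  const page = renderSpaceFilter(key);
  const value = readInputValue(page);
  return { page, value, unsafe: buildFilterLabelUnsafe(value), safe: buildFilterLabelSafe(value) };
}
```

Running demo() shows the raw page containing only `&lt;b&gt;`, while the unsafe sink produces a live `<b>` element and the hardened sink keeps it encoded.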

People

igerges Issac Gerges (Inactive)
a136c65a63df Phillip Langlois